• Department:TWCERT/CC
• Update:2019-04-08
• Count Views:876

The chief engineer from the production safety center of the Panasonic Corporation, Mr. LIN Eiki, was invited to the Sino-Japanese Engineering Seminar. A brief introduction about TWCERT/CC was made first to let Mr. Lin gain a preliminary understanding. After that, Mr. Lin gave a talk to share his professional experiences, the cyber security development in Japan, and the operation of Panasonic Product Security Incident Response Team (Panasonic PSIRT). In addition to home appliances, Panasonic’s current emphases are automobile parts, which account for 80% of its total products.

Panasonic also has product safety solutions. Before to the market, products will go through cyber threat analyses and black box testings. After finish product developments, the Panasonic developers will conduct cyber threats analyses. If any threats contain in its products, Panasonic will solve them in accordance with its product development procedure. For any vulnerabilities discovered by users and developers after products were sold, the corresponding responses include: the proof of concepts (POC) would like to be acquired to facilitate technicians to understand the situation of the incident, then the technicians will conduct the analysis and fix the problem respectively hence to acquire the recognition from the third party, such as incident reporting units, and finally there will be a public explanation to let people understand the facts and results of the incident. Mr. Lin said, “now the Panasonic PSIRT only assure the safety of Panasonic products, however the bug bounty mechanism is not established yet, which is because each of the Panasonic factories around the world has its own production lines, and not every production line recognizes the bug bounty mechanism.”

In addition, the reason why Japan promotes the National CSIRT Association (NCA) well while its enterprises are gradually establishing their internal CSIRTs and PSIRTs is because many Japanese enterprises commission their internal senior cyber security experts to assist in the operation of NCA while promoting the establishments of entrepreneurial CSIRTs and PSIRTs. Mr. Lin suggested that TWCERT/CC can firstly promote the CSIRT establishments to its familiar associations and ask those associations to promote the establishments of CSIRTS and PSIRTS to their member enterprises.